IP: Re: Microsoft's pgp keys don't verify

[David Farber <dave () farber net>]

> X-Sender: rjs#goodread.com () mail samnet net
> Date: Thu, 26 Jul 2001 19:26:32 -0400
> To: farber () cis upenn edu
> From: Richard Jay Solomon <rjs () goodread com>
> Subject: Re: IP: Microsoft's pgp keys don't verify
> Cc: ip-sub-1 () majordomo pobox com
> X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for 
> spam.
>
> > > For at least four months, Microsoft has been sending out security 
> > > bulletins which fail a popular e-mail authentication system. As a 
> > > result, the company could be opening the door to counterfeit bulletins 
> > > from malicious hackers.
> > > To protect against forgery, Microsoft's security response center 
> > > digitally signs its bulletins with PGP before e-mailing them to 
> > > subscribers of its security notification service. But since at least 
> > > March, if recipients attempt to
>
> Maybe they are forged. Reminds me of the story of the first bankcard ATM 
> in Atlanta. At the dedication, the first person to put his card in was 
> rejected. The machine indicated the card was invalid. The embarrassed bank 
> officials gave him his money from the till. Then after he had vanished 
> into the crowd, the security people checked their printed  database, and 
> indeed, the card was hot!
>
> Story told me by Ken Phillips who swore it was true.
>
> Richard



For archives see: http://www.interesting-people.org/